vboot/make_dev_firmware: extract bitmaps from system firmware instead of prebuilts.

scripts/image_signing/make_dev_firmware.sh

 #!/bin/sh
 #
 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # This script can change key (usually developer keys) in a firmware binary
 # image or system live firmware (EEPROM), and assign proper HWID, BMPFV as well.
 
 SCRIPT_BASE="$(dirname "$0")"
 . "$SCRIPT_BASE/common_minimal.sh"
 load_shflags || exit 1
 
 # Constants used by DEFINE_*
 VBOOT_BASE='/usr/share/vboot'
 DEFAULT_KEYS_FOLDER="$VBOOT_BASE/devkeys"
-DEFAULT_BMPFV_FILE="$DEFAULT_KEYS_FOLDER/firmware_bmpfv.bin"
+DEFAULT_BMPFV_FILE="<auto>"

[Randall Spangler, 2011/03/07 20:44:21]

Using '<auto>' intentionally because it's hard to type in a shell?

[Hung-Te, 2011/03/08 01:21:46]

Yes.

 DEFAULT_BACKUP_FOLDER='/mnt/stateful_partition/backups'
+DEFAULT_FIRMWARE_UPDATER='/usr/sbin/chromeos-firmwareupdate'
 
 # DEFINE_string name default_value description flag
 DEFINE_string from "" "Path of input file (empty for system live firmware)" "f"
 DEFINE_string to "" "Path of output file (empty for system live firmware)" "t"
 DEFINE_string keys "$DEFAULT_KEYS_FOLDER" "Path to folder of dev keys" "k"
-DEFINE_string bmpfv "$DEFAULT_BMPFV_FILE" "Path to the new bitmap FV" ""
+DEFINE_string bmpfv "$DEFAULT_BMPFV_FILE" \
+  "Path to the new bitmaps, <auto> to extract from system, empty to keep." ""
 DEFINE_boolean force_backup \
   $FLAGS_TRUE "Create backup even if source is not live" ""
 DEFINE_string backup_dir \
   "$DEFAULT_BACKUP_FOLDER" "Path of directory to store firmware backups" ""
 
 # Parse command line
 FLAGS "$@" || exit 1
 eval set -- "$FLAGS_ARGV"
 
 # Globals
@@ skipping 67 matching lines @@
   # a "{GUID} DEV" will become "{GUID} " in that case.
 
   if [ "$hwid" != "$hwid_no_dev" ]; then
     hwid="$hwid_no_dev"
   fi
   local hwid_dev="$hwid DEV"
   debug_msg "echo_dev_hwid: [$1] -> [$hwid_dev]"
   echo "$hwid_dev"
 }
 
+# Explores compatible firmware bitmaps
+explore_bmpfv() {
+  local tmp_folder=""
+
+  if [ -s "$DEFAULT_FIRMWARE_UPDATER" ]; then
+    # try to extract from built-in firmware updater
+    debug_msg "found default firmware updater, trying to fetch bitmap..."
+    tmp_folder=$("$DEFAULT_FIRMWARE_UPDATER" --sb_extract | sed "s'[^/]*''")
+    debug_msg "updater resources extrated to: $tmp_folder"
+
+    if [ -d "$tmp_folder" -a -s "$tmp_folder/bios.bin" ]; then
+      new_bmpfv="$tmp_folder/bmpfv.bin"
+      echo "$new_bmpfv"
+      gbb_utility --bmpfv="$new_bmpfv" "$tmp_folder/bios.bin" >/dev/null 2>&1
+    else
+      debug_msg "failed to find valid BIOS image file."
+    fi
+  else
+    debug_msg "no firmware updater in system. not changing bitmaps."
+  fi
+}
+
 # Main
 # ----------------------------------------------------------------------------
 main() {
   # Check parameters
   local root_pubkey="$FLAGS_keys/root_key.vbpubk"
   local recovery_pubkey="$FLAGS_keys/recovery_key.vbpubk"
   local firmware_keyblock="$FLAGS_keys/firmware.keyblock"
   local firmware_prvkey="$FLAGS_keys/firmware_data_key.vbprivk"
   local kernel_sub_pubkey="$FLAGS_keys/kernel_subkey.vbpubk"
   local new_bmpfv="$FLAGS_bmpfv"
   local is_from_live=0
   local backup_image=
+  local opt_bmpfv=""
+
+  if [ "$new_bmpfv" = "$DEFAULT_BMPFV_FILE" ]; then
+    new_bmpfv=$(explore_bmpfv) &&
+      debug_msg "Using bitmaps from $new_bmpfv"
+  fi
 
   debug_msg "Prerequisite check"
   ensure_files_exist \
     "$root_pubkey" \
     "$recovery_pubkey" \
     "$firmware_keyblock" \
     "$firmware_prvkey" \
-    "$kernel_sub_pubkey" \
-    "$new_bmpfv" ||
+    "$kernel_sub_pubkey" ||
     exit 1
 
+  if [ -n "$new_bmpfv" ]; then
+    opt_bmpfv="--bmpfv=$new_bmpfv"
+    ensure_files_exist "$new_bmpfv" || exit 1
+  fi
+
   if [ -z "$FLAGS_from" ]; then
     is_from_live=1
   else
-    ensure_files_exist "$FLAGS_from"
+    ensure_files_exist "$FLAGS_from" || exit 1
   fi
 
   debug_msg "Checking software write protection status"
   disable_write_protection ||
     if is_debug_mode; then
       err_die "Failed to disable WP. Diagnose Message: $(cat "$EXEC_LOG")"
     else
       err_die "Write protection is still enabled. " \
               "Please verify that hardware write protection is disabled."
     fi
@@ skipping 21 matching lines @@
 
   debug_msg "Decide new HWID"
   if [ -z "$old_hwid" ]; then
     err_die "Cannot find current HWID. (message: $(cat "$EXEC_LOG"))"
   fi
   local new_hwid="$(echo_dev_hwid "$old_hwid")"
 
   debug_msg "Replace GBB parts (gbb_utility allows changing on-the-fly)"
   gbb_utility --set \
     --hwid="$new_hwid" \
-    --bmpfv="$new_bmpfv" \
     --rootkey="$root_pubkey" \
     --recoverykey="$recovery_pubkey" \
+    $opt_bmpfv \
     "$IMAGE" >"$EXEC_LOG" 2>&1 ||
     err_die "Failed to change GBB Data. (message: $(cat "$EXEC_LOG"))"
 
   debug_msg "Resign the firmware code (A/B) with new keys"
   local unsigned_image="$(make_temp_file)"
   cp -f "$IMAGE" "$unsigned_image"
   "$SCRIPT_BASE/resign_firmwarefd.sh" \
     "$unsigned_image" \
     "$IMAGE" \
     "$firmware_prvkey" \
@@ skipping 43 matching lines @@
 
   debug_msg "Complete."
   if [ -z "$FLAGS_to" ]; then
     echo "Successfully changed firmware to Developer Keys. New HWID: $new_hwid"
   else
     echo "Firmware '$FLAGS_to' now uses Developer Keys. New HWID: $new_hwid"
   fi
 }
 
 main